RANDOM NUMBER GENERATORS

TYPES OF ENCRYPTION

This page describes some basic concepts in cryptology. The purpose
of encryption is discussed as a function of the application area.
We divide the subject into several application areas, and discuss
purpose, implementation, and technology for each.

Academic Encryption Research

Military Encryption

Internet Encryption

The DES and the AES...

Industrial Encryption

Academic Encryption Research

Academic encryption research has many parts and branches, and here we
will concentrate on the so-called published encryption algorithms.
Please kindly -- do not ever assume the other parts of the research to be
any better ...

The Purpose of Academic Encryption (algorithms)

When an algorithm is published for research purposes, it is distilled to
include only a single primitive. The intention is to let other researchers
investigate this primitive, find its strengths and weaknesses, and compare it
with other previously used or published encryption primitives.
It is absolutely not intended for file encryption on a PC!

Now, if you investigate and publish your results on a particular algorithm,
you also give support to the inventors/authors of the algorithm.
Some researchers first check that those authors are worthy of any follow-up
article. You must also find, in a rather short time-frame, a result worth
publishing. A total, complete break may be required. Some weaknesses that may be
devastating for the security may be too detailed and complex to explain
in a short research paper, so they do not get published. And the algorithm may
simply be boring, so no one finds the energy to write a research paper on it.

So, if a "Published Algorithm" has not been "Broken" for 20 years or so, it just
says that this is an uninteresting, boring algorithm of unknown strength,
and no one has done any work on it. If, on the other hand, research has been
published, then the algorithm has most certainly been broken!

After the AES contest we now have about 1000 published encryption algorithms,
of which some were made with good intent; many others may have been produced by
some code-breakers, to ease their work somewhat, should some fool put them
into a product.

Summary

Academic encryption research does not intend to give you a secure
paste-and-glue encryption solution. The algorithms, even though interesting,
are for internal use only. You may learn from and use components, but the final
industrial encryption you will have to build yourself.

Military Encryption

Most people recognise military encryption, or Military Grade Encryption,
to be of the highest security level. Stay tuned, and you have some
surprises coming...

The Purpose of the Military Encryption

The purpose of military activity is to make problems for, and increase the costs of,
the Enemy. Encryption is here an important tool, and spies and cryptanalysis
will tell how well you are doing. The trick is to use modest-security
encryption, so the Enemy can read what you are typing. You may then feed the Enemy
with various ideas and fictitious reports, to confuse him further.

So, in the 50s, the Russians are about to test-launch a rocket. On the rocket
there are sensors for altitude, speed, and acceleration. Their readings will be sent back
by radio to the base. The communication will, of course, be encrypted. But
the Russians also expect an American cryptanalysis effort.

So they simply recalibrate the sensors, so that altitude reads a bit higher,
and acceleration and speed exactly correspondingly higher. Off goes the rocket.
So, the Russians record a modest and OK flight test, while the Americans,
after evaluating the decrypted sensor data, find an exceptionally successful
flight test, and have severe problems matching the Russian rocket motor efficiency.

The Swedish HC-9 Encryption Machine

The HC-9 has a pseudo-random number generator that selects one substitution alphabet
out of a set of 16. The 16 alphabets are printed on a paper that is mounted onto
a revolving drum. The pseudo-random number generator uses 5 cyclic shift registers.
It is a mechanical encryption device that was used for many years.

The military has different grades of encryption. Low-grade messages, valid
only for a short period of time, can use low-grade encryption. Messages of
strategic value use higher-grade encryption. The HC-9 was classified for
high-grade messages, which may be of value for up to 2 years.

The story now goes like this. In peacetime, there are no strategic messages to be
exchanged between the various parts of the upper command. A typical military exercise
simply has too few soldiers. So the upper command trains by encrypting and
sending fictitious messages between two stations.

So, being a mechanical device, its security is not that high, and it will
deteriorate quickly as the total length of sent messages piles up. So we now do
like this: we let the radio operators send frequent and long messages!
This will lead the Enemy ... i.e. the Russians ... to believe that this will be the wartime
use of the machine.

The machine was also used on the Swedish submarines. It is OK to let the submarines
use the machine, sending tedious reports on any subject, while in peacetime and while
the submarine is in Swedish waters. Not so nice if the Swedish submarine happens
to be 200 m from the Polish coast... taking a periscope colour photo of
some harbour, lighthouse, or Russian military vessel.

We now proceed as follows. In case of a real war, we simply declassify the machine
to be used only at a lower grade, for messages with a military value of less
than 6 hours. The sealed orders may lie at the military depot, to be taken out
and opened at the start of the war. You may also restrict the total message volume
on each key, by updated instructions
or frequent key changes. During peacetime, you may simply forget to change keys,
or even use the same key settings on two different military exercises. The key
settings of the cyclic shift registers were made by a hole-punched card, and the
alphabet page had 16 reciprocal alphabets. So it is very easy to change these
papers, but indeed not very easy to manufacture new ones.

The cryptanalytic entry consists of exploiting
the different relative letter frequencies of the
language. But if you fix things a little in the 16 substitution alphabets -- like
having all 16 alphabets substitute high-frequency letters into a similar
subset of characters, and the same for medium- and low-frequency characters --
then it gets much more difficult to separate the
alphabets from each other and learn about
the pseudo-random generator that controls the selection of substitution
alphabets.

Not all keys have the same strength. A random key is weak. This is
an intentional property of most old mechanical devices. The Hagelin
machines were especially good at exploiting this concept
(random selections of keys are very weak).
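The machine described above, and the frequency-class trick for the 16 alphabets, as an added model (not the HC-9's real wiring, and not code from this page): five cyclic pin registers of assumed lengths select one of 16 reciprocal alphabets per letter, each alphabet only swapping letters within the same frequency class, so encryption and decryption are the same operation.

```python
import math
import random

# Letter classes by English frequency (the grouping is an assumption for this model).
HIGH, MEDIUM, LOW = "ETAOINSHRD", "LCUMWFGYPB", "VKJXQZ"
# Register lengths are assumed and pairwise coprime; the real HC-9 lengths may differ.
REGISTER_LENGTHS = [17, 19, 21, 23, 25]

def reciprocal_alphabet(rng):
    """One reciprocal (self-inverse) alphabet that only swaps letters within the
    same frequency class, so every alphabet maps frequent letters onto the same
    subset and the alphabets are hard to tell apart by letter counts."""
    table = {}
    for cls in (HIGH, MEDIUM, LOW):
        letters = list(cls)
        rng.shuffle(letters)
        for a, b in zip(letters[::2], letters[1::2]):
            table[a], table[b] = b, a
    return table

def make_key(seed):
    """Constructed key: 16 alphabets (the paper on the drum) and one pin
    pattern per register (the punched card)."""
    rng = random.Random(seed)
    alphabets = [reciprocal_alphabet(rng) for _ in range(16)]
    pins = [[rng.getrandbits(1) for _ in range(n)] for n in REGISTER_LENGTHS]
    return alphabets, pins

def select_alphabets(pins, count):
    """Step the five cyclic registers 'count' times and return the alphabet
    index (0..15) chosen at each step.  The 5-bit-to-4-bit combination is
    an assumption, not the machine's real wiring."""
    pos = [0] * len(pins)
    out = []
    for _ in range(count):
        bits = [reg[p] for reg, p in zip(pins, pos)]
        idx = bits[0] | bits[1] << 1 | bits[2] << 2 | bits[3] << 3
        out.append(idx ^ (0b1111 if bits[4] else 0))
        pos = [(p + 1) % len(reg) for reg, p in zip(pins, pos)]
    return out

def crypt(text, key):
    """Encrypt or decrypt: with reciprocal alphabets the two are the same operation."""
    alphabets, pins = key
    return "".join(alphabets[idx].get(ch, ch)
                   for ch, idx in zip(text, select_alphabets(pins, len(text))))

def generator_period():
    """Steps before the alphabet-selection sequence repeats: lcm of the lengths.
    Traffic beyond this on one key setting reuses the whole selection sequence."""
    period = 1
    for n in REGISTER_LENGTHS:
        period = period * n // math.gcd(period, n)
    return period
```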

Summary

Military encryption is a tool in information warfare, together with false
events, fabricated news or accidents, politics, ordinary lies, and spies.
It is completely useless for your business secrets!
Most military encryption standards, algorithms, tools, units, and machines are
indeed rather weak.

Internet Encryption

I get kind of sad writing about the Internet, as so many innocent
people have been hurt, or soon will be, by the lack of security measures.

Security Requirements

Before we start, let's make a list of necessities, requirements,
or must-haves, for any encryption security.

Secure computing

The first is that you must have a computing engine that is secure, so
you can rely upon it not leaking your secrets. No, this is NOT having the
latest security updates installed! It must be impossible for the Opponent
to install and run ANY software on your machine. So ... no security updates,
no driver updates, no updates of any kind, no virus scans/updates, no inserting
of USB sticks, and no DVD player (that may install software). As soon as
the Opponent has software in your machine,
no security or encryption will work any more. And professionally made evil software
will not show up on any scan tool.

Note that if you have a competent Opposition, they may request Microsoft or
any other vendor (like graphics, camera, or storage) to include a hack in
an update, one that will be dangerous only
for you, and not disturb anyone else.

No Cell Phone Security

For cell phones, we note that it is illegal to manufacture
any kind of cellphone in which IT IS POSSIBLE to install
any kind of security. So cell-phone vaults and cell-phone internet
banking are simply false. This has been in effect since the 3G SMS phones.

Some phones had a symbol on the display showing whether the base station
used encryption or not. You could set them to deny unencrypted connections.
... How is it in your phone?

A TRNG to generate the keys

You must have hardware means of generating keys. This is the hardware random
number generator coming back to us again. It is indeed needed, as evidently
much effort has gone into preventing good key generation.

A Key Channel

You must have a secure key channel. You MUST HAVE A KEY CHANNEL.
No encryption can give you any security; it can only transfer the security
of the key channel to your encrypted messages (cryptology axiom).
If you don't have a key channel, there is no security!
And public key may complicate and obscure and fool you, but still: no
key channel, then no security ...
The public-key hysteria, in passing, uses a hidden key channel consisting
of trusting a number of not very trustworthy external companies and cryptanalysis
organisations, with a bad track record.

Protect keys and Machine

You must co-operate with your machine, help it, to get security.
This is intuitively true, but I list it here, as it is false for
DRM or pay-TV applications or similar. For media protection
you have severe problems in that the legitimate user is trying to
circumvent your system.

Be Careful!

A final requirement: You must be Paranoid!

The Purpose of Internet Encryption

So, the purpose of Internet encryption is not at all
to keep your personal data secret, or to protect your
on-line banking transactions. The main requirement is to allow
easy and immediate access to any data you may send, using any
available protective measures. (Your hard-drive stored data
is, from Win7 onwards, intended to be indexed by some system file
search tool, to facilitate easy access by you or anyone else.)

The only security requirement,
possibly, is to prevent (or at least make difficult) access from
the neighbours and some 14-year-old hacker. Not that difficult.
Not much security is needed.

Recommended Measures

You can increase security, much, especially for on-line banking,
by booting a Linux from a DVD. If you boot from a DVD,
so that you only have a DVD and RAM, no virus can install itself to any drive.

You will find a lot of useful information on the Terry Ritter site.
But remember that you will always be limited by internet-toy-security-encryption.

Summary

The Internet, and ordinary computer security, is a real nightmare, and many skilled
and educated people have put in sustained effort to prevent you from
keeping any secrets anywhere. You may not gain security if you follow standard
established methods, protocols, or algorithms.

On the positive side, we also note that the threats, like those from virus attacks,
have been much overestimated: to ignite more fear, to shift focus away
from the bad people exploiting the non-existent security,
and to empty your pockets of money for virus scanners.

The DES and the AES...

The DES, Data Encryption Standard, was a U.S. encryption standard used (mandatorily)
for banks. It is used in ATM machines and generally for funds transfer.
It is the only cipher that has been analysed thoroughly.

The AES, the so-called Advanced Encryption Standard, is the present encryption standard used
on the Internet. Intel processors have hardware support for AES.

The source code for the
TRNG9803 product uses the bitslice DES, and much
of this part about the DES was taken from the "processing.c" source code file.

The history of the DES

The DES goes back to 1970, when only employed staff had access to computers.
Software was run by an operator, who read in a manual how to load the
proper tapes and assign a line printer for the output. Punched cards were often
used for software and configuration. The operator then delivered a pack of
printer paper to whoever ordered the run. CPU time was measured in ms, and
it was very expensive; very expensive equipment, and a typical staff of 10.
Operation was normally 24/7.

Eventually it became evident that the banks needed a validated cipher for
inter-bank communication. Remember that this was before the World War II
codebreaking effort was made public. IBM was working on a block cipher called
Lucifer. IBM, in co-operation with the NSA, developed the DES (fips46-3.pdf).

At the time no one thought of PCs, software encryption, and all else that
we now have. The DES module was a 10 kg unit in a 19" rack attached to the
CPU in the computer room. You could not "hack" your own software; all runs were
made at the console, and each run had to be paid for on an account.

The DES was protected by IBM patents; IBM granted a free licence for
implementations that conformed to the printed standard.

My best guess is that the DES was made as good as possible at the time.
It was probably estimated that the DES would protect most or all of the
financial sector, and likely also other sensitive information. Note that
the enemies of the USA (the Russians) were also skilled in code-breaking, and spies
could steal the secret solution, if there were any.

The development of electronics and computers has been very fast for many
years. The short 56-bit key is an obvious way in, and anyone can see that,
but the protection level seemed adequate at the time. A prognosis of slower
progress was used, so that the 56-bit key would suffice for many years.

Open research in cryptography seems to be 25-30 years behind; this is how
long it took before differential and linear cryptanalysis were published.
You should note that these methods broke all ciphers suggested by open
research, while the security of the DES was reaffirmed by this analysis.

Suddenly anyone could have their own computer. Software encryption was
used for e-mail and web access security.
The DES has too short a block length, and its key is too short.
Obvious steps would be to drop/replace the DES key expansion, and use
some trick to extend the block size. In case there could be some security
problem inside the DES, the easy way to prevent this would be to simply
use the DES in a clever way, such as using a secure feedback scheme.
Example: the Meyer Matt. plaintext-ciphertext feedback.

Terry Ritter proposed a solution,
The Fenced DES Cipher (1994-04-29),
where he processes the 64-bit plaintext through 8 byte-sized substitution tables
before DES encryption, and through an independent set of 8 more substitution
tables after DES encryption. This increases the strength substantially, and also makes
any secret DES hack obsolete, so now there is only the hard way to get in.
An obvious little extra is to drop the 56-bit input DES key, and load
independent key data for each of the 16 DES rounds, for a total of 768 key
bits. This will increase the strength
a bit, but, importantly, prevent any weakness in the DES key expansion.
If you, for compatibility reasons, need to run standard 56-bit DES, you can still
do that with clever key assignment.
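The fenced construction just described, as an added example (not Ritter's code, and not from this page): eight keyed byte substitutions before the core, eight independent ones after it, and sixteen independent 48-bit round keys fed straight into the rounds. The Python standard library has no DES, so the core here is a 16-round Feistel network with a stand-in round function, labelled as such; the fence and the 768-bit round-key layout are what the example shows, and keyspace_bits() reproduces the 27,712-bit keyspace figure quoted at the end of this page.

```python
import math
import random

BLOCK_BYTES = 8
ROUNDS = 16
ROUND_KEY_BITS = 48          # DES uses a 48-bit subkey per round

def make_key(seed):
    """Constructed key material (assumption): 16 random byte permutations for
    the two fences plus 16 independent 48-bit round keys (16 * 48 = 768 bits)."""
    rng = random.Random(seed)
    tables = []
    for _ in range(2 * BLOCK_BYTES):
        t = list(range(256))
        rng.shuffle(t)
        tables.append(t)
    round_keys = [rng.getrandbits(ROUND_KEY_BITS) for _ in range(ROUNDS)]
    return tables[:BLOCK_BYTES], tables[BLOCK_BYTES:], round_keys

def invert(table):
    inv = [0] * 256
    for x, y in enumerate(table):
        inv[y] = x
    return inv

def fence(block, tables):
    """Byte i of the block goes through substitution table i."""
    return bytes(tables[i][b] for i, b in enumerate(block))

def toy_f(right, k):
    """Stand-in for the DES f-function (NOT DES): any keyed 32-bit mixing will do,
    because a Feistel network is invertible whatever f is."""
    x = ((right ^ (k & 0xFFFFFFFF)) + (k >> 16)) & 0xFFFFFFFF
    x = (x * 0x9E3779B1) & 0xFFFFFFFF
    return ((x << 13) | (x >> 19)) & 0xFFFFFFFF

def feistel(block, round_keys):
    """16-round Feistel core fed directly with per-round keys (no key expansion)."""
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for k in round_keys:
        left, right = right, left ^ toy_f(right, k)
    # Final swap, so the same function decrypts when given the keys in reverse.
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")

def encrypt(block, key):
    pre, post, rks = key
    return fence(feistel(fence(block, pre), rks), post)

def decrypt(block, key):
    pre, post, rks = key
    inner = feistel(fence(block, [invert(t) for t in post]), rks[::-1])
    return fence(inner, [invert(t) for t in pre])

def keyspace_bits():
    """16 tables of log2(256!) bits each, plus the 768 round-key bits."""
    return round(16 * math.log2(math.factorial(256)) + ROUNDS * ROUND_KEY_BITS)
```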

The computational speed of
The Fenced DES Cipher
can be further increased by using
bitslice DES.
It is a software trick to
calculate multiple DES encryptions at the same time, one DES for each bit in the computer's
word size. So you calculate once, and get 64 blocks encrypted on a 64-bit machine.
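The bitslice idea above, as an added example (not from the TRNG9803 source): 64 inputs are transposed so that word bit k belongs to input k, and the S-box is then evaluated once with AND/OR/NOT on whole words, which processes all 64 inputs in one pass. Row 0 of DES S-box S1 (FIPS 46-3) serves as the 4-bit S-box; the gate network is the plain sum-of-products of its truth table, not the hand-minimised networks real bitslice DES uses.

```python
WORD = 64                      # one lane per bit of a 64-bit machine word
MASK = (1 << WORD) - 1

# Row 0 of DES S-box S1 (FIPS 46-3), used here as a 4-bit -> 4-bit example S-box.
S1_ROW0 = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]

def transpose(values, width):
    """Bit-slice: lane i holds bit i of every value, one value per word bit."""
    assert len(values) <= WORD
    lanes = [0] * width
    for k, v in enumerate(values):
        for i in range(width):
            if (v >> i) & 1:
                lanes[i] |= 1 << k
    return lanes

def untranspose(lanes, count):
    """Inverse of transpose: rebuild the first 'count' values from the lanes."""
    values = [0] * count
    for i, lane in enumerate(lanes):
        for k in range(count):
            if (lane >> k) & 1:
                values[k] |= 1 << i
    return values

def bitsliced_sbox(in_lanes, table):
    """Evaluate a 4-bit S-box on all 64 lanes at once using only AND/OR/NOT
    on whole words: no table lookup, and the same work whatever the inputs."""
    out = [0, 0, 0, 0]
    for x, y in enumerate(table):
        # Minterm: word bits where all four input lanes match the bits of x.
        term = MASK
        for i in range(4):
            lane = in_lanes[i]
            term &= lane if (x >> i) & 1 else (~lane & MASK)
        for j in range(4):
            if (y >> j) & 1:
                out[j] |= term
    return out

def sbox_parallel(values):
    """Apply S1_ROW0 to up to 64 inputs with a single bitsliced evaluation."""
    lanes = transpose(values, 4)
    return untranspose(bitsliced_sbox(lanes, S1_ROW0), len(values))
```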

The outcome of this scenario (Fenced DES) is that, in future and forever,
most communications
that the NSA would wish to hack would be protected by the DES, where there is
no simple way in, as someone has now just replaced the short 56-bit key
with a 1000-byte key string.

Ohh Dear!

And what happened next??

Replacing DES with a new cipher

NIST requested suggestions for a new encryption standard. Anything
invented by open research (... and they are still 30 years behind)
would be better than
a strengthened DES. Messy things, like the new IBM candidate, can be sidetracked by
arguing they are not "pure" or "elegant". In case open research actually breaks a candidate,
it is simply removed from the list. Eventually the AES was selected as The New
Encryption Standard. Situation corrected; now the NSA can hack all your communications!
Public key also helps in this effort.

Proof that all of the above is correct: in new processors Intel includes an AES instruction
to make AES encryption fast & easy. This cannot occur without NSA approval.

The Purpose of The DES and the AES

While the purpose of the DES was to stop every software programmer from
using toy encryption for vital (bank) communications, the AES seems to
be an intelligence op to allow easy access to encrypted communications.
Ohhh, nooo! The banks don't use the AES, they use triple DES,
so they still use DES!

... and does your Internet bank still accept the RC4 cipher?

Industrial Encryption

Industrial encryption is to be understood as a complete encryption
solution for industrial or field use. The security should be high and robust.
If a single unit is misunderstood or not working, the overall security
shall remain.

Parts of Industrial Encryption

There must be a secure and hardened environment
where the encryption takes place.

There must be a hardware random number generator. This is required for
key generation, and is often generally useful.

There is a policy on when and how to change the keys.

There must be a defined key channel: a description of how the keys
are to be entered into the machines.

The encryption will take place using a
combination of various cipher parts and techniques.

The messages have format information, such as date,
serial number, and authentication codes.

A machine or node could be declared Compromised, and then there should
be some set of measures
to remedy this situation. There must not be any components declared as
Trusted, i.e. removed from scrutiny.

There must be a set of operator instructions on how to use the system.

In conflict between security and convenience, security shall come first.

There must not be any side channels, like phone calls where classified
issues are "talked around", discussed in terms of "you know what I mean..".

The security shall not rest upon any academic proofs, as,
evidently, some of these proofs are not valid if the system comes under attack, or
the proofs are simply false.

Summary

It is possible, indeed cheap, to implement very high security if you are prepared
to work it out yourself. Low security, where you are trying not to slip while hanging
on the brink, is for military experts, very dangerous, and very expensive.

HC-9

Transvertex HC-9

Fenced DES

The keyspace of the fenced DES is 27,712 bits (3.38 kBytes).

Bitslice DES

John the Ripper password cracker, DES bitslice community.

ASIC Solutions

Fast Modular Multiplication

Currently, we don't actively develop the ASIC-RSA solution. If an extremely fast solution is needed for server-side
security/RSA encryption, an FPGA implementation of the technology might easily prove a factor faster
compared to conventional technology.